
An Oracle White Paper January 2015

Oracle Database Backup Service – A Technical White Paper


WHY STORE BACKUPS IN THE CLOUD?

ORACLE DATABASE BACKUP SERVICE OVERVIEW

ORACLE DATABASE CLOUD BACKUP MODULE (ODCBM)
    COMPLETE DATA SECURITY
    COMPRESSED BACKUPS FOR BETTER PERFORMANCE
    SUPPORT MATRIX
    BENEFITS OF ORACLE DATABASE BACKUP SERVICE

GETTING STARTED WITH THE ODBS
    1. SIGN UP FOR ORACLE DATABASE BACKUP SERVICE & PURCHASE CAPACITY
    2. REGISTER FOR ORACLE TECHNOLOGY NETWORK (OTN) ACCOUNT
    3. INSTALL THE ORACLE DATABASE CLOUD BACKUP MODULE
    4. EXECUTE THE INSTALLER
    5. CONFIGURE RECOVERY MANAGER (RMAN) SETTINGS
    6. CONFIGURE ENCRYPTION
    7. PERFORM BACKUPS
    8. RESTORE & RECOVERY

CLOUD BACKUP BEST PRACTICES
    END-TO-END DATA SECURITY
    PROTECTION OF THE ENCRYPTION KEY
    OPTIMIZING CLOUD BACKUP PERFORMANCE

CONCLUSION

APPENDIX
    CONFIGURATION FILES
    EXAMPLE TEST RUN
    USING PASSWORD ENCRYPTION
    USING TRANSPARENT DATA ENCRYPTION


Introduction

Cloud Computing allows users to tap into a virtually unlimited pool of computing and storage resources over the Internet. Cloud users benefit from utility-like costs, scalability, and reliability, as well as the ability to self-provision resources dynamically and pay only for what they use.

Enterprises deploy multi-tiered storage architectures to store their production data and backups to reduce the overall capital and operating expenses for their storage infrastructure. They also store their data in an offsite location for disaster recovery purposes. They prefer to store their backup data in a location which is offsite, but at the same time immediately accessible. For long-term archives and backups, they utilize tape vaulting and store tapes in an offsite location. Many small and medium businesses that do not have a tape infrastructure have to deploy some form of virtual tape or disks for storing backups and archives. Cloud-based storage offers a great alternative to tape with no upfront capital cost, no storage management, on-demand increase of capacity, and a pay-per-use model.

Oracle Database Backup Service (ODBS) is a new backup-as-a-service offering that enables customers to store their backups securely in the Oracle cloud. ODBS provides a transparent, scalable, efficient, and elastic cloud storage platform for Oracle database backups. The client-side Oracle Database Cloud Backup Module, which is used with Recovery Manager (RMAN), transparently handles the backup and restore operations. Unlike traditional tape-based offsite storage, Cloud backups are immediately accessible whenever a restore is required.

The purpose of this document is to provide an overview of Oracle Database Backup Service. For detailed documentation, refer to https://docs.oracle.com/cloud/latest/dbbackup_gs/.


Why Store Backups in the Cloud?

Good Disaster Recovery (DR) practice requires keeping usable business-critical backups offsite. Organizations have traditionally implemented this by writing backups to tape and shipping the tapes to be stored offsite. This is costly and operationally complex, requiring hardware, personnel, and sound procedures to ensure that the offsite backups are up-to-date, secure, and able to be recalled and used in the face of disaster. While shipping and secure storage are often outsourced, the IT organization of the enterprise retains the burden of ensuring the integrity of the backups and procedures.

The pricing and operational characteristics of Cloud Storage make it a very compelling alternative to shipping tapes offsite. Cloud storage offers pay-as-you-go, elastic self-provisioning, with low prices per unit storage per unit time, making costs easy to predict, control, and map to the workloads of an organization’s IT assets. Good Cloud infrastructure offers storage redundancy, security, availability and scalability with geographic distribution that enables it to absorb a broad range of adverse events without loss of availability. These characteristics make it an excellent alternative to writing, shipping and storing tapes in a secure location. Last, but not least, backups are created and updated over the network, with minimal or no operator involvement – drastically simplifying operational procedures.

Cloud services for storing backups offer business benefits in terms of elasticity in capacity and operational expenses. They can also simplify your own infrastructure, as you no longer need to provide and manage storage (e.g., tapes that need to be rotated, shipped away, etc.).

Oracle Database Backup Service Overview

ODBS is the cloud storage solution for storing backups of on-premise Oracle databases. It is an object storage platform that provides elastic on-demand storage capability. Cloud object management and data transfer complexities are completely transparent to the DBAs and backup administrators as the backups and restores between the cloud and the on-site databases are handled by the database backup module.

Figure 1. Oracle Database Backup Service

Refer to the Oracle Public Cloud documentation at http://docs.oracle.com/cloud for more details.


Oracle Database Cloud Backup Module (ODCBM)

ODCBM is the cloud backup module that is installed on the database server. During the install process, a platform-specific backup module is downloaded and installed. The RMAN environment of the client database is configured to use the cloud backup module to perform backups to ODBS. Using familiar RMAN commands, backups and restores are transparently handled by the backup module.

Figure 2. Data Flow for the Client Module

Encrypted and compressed RMAN backup data are transmitted to ODBS using SSL.

Complete Data Security

Data security and privacy are particularly important in shared, publicly accessible environments such as Storage Clouds. Accordingly, ODCBM enforces mandatory RMAN encryption of the backup data. If the backup data is not encrypted, users get an error message and the data is not backed up. RMAN encryption of the backup data before it leaves the database server reduces the risk of theft or unauthorized access of the data, as the backup data remains encrypted at the source, in transit, and at rest in the Cloud. RMAN encryption for backups to ODBS does not require licensing the Advanced Security Option.

Compressed Backups for Better Performance

RMAN backups to ODBS will skip unused and null blocks of the databases. These backups can be further reduced in size by choosing from RMAN’s rich compression capabilities. When transmitting backups over low-bandwidth networks, such as the public internet, any reduction in backup size is directly realized as an increase in backup performance. RMAN compressions to backup to ODBS do not require licensing Advanced Compression Option.


Support Matrix

The Oracle Database Backup Service support matrix:

Oracle Database [1]          10gR2, 11g, 12c (EE, SE, SE1)
Operating Systems (64bits)   Linux, Solaris x86-64, SPARC, Windows, AIX, HP-UX, zLinux
RMAN Compression [2]         HIGH, MEDIUM, BASIC, LOW
RMAN Encryption              Password, TDE, Dual-mode

Benefits of Oracle Database Backup Service

Oracle Database Backup Service’s functionality provides numerous advantages compared to other offsite storage practices.

• Continuous Accessibility: Backups stored in ODBS are always accessible – much in the same way local disk backups are. For restores, there is no need to call anyone and no need to ship or load the tapes. Administrators can initiate restore operations using their standard tools (Enterprise Manager, RMAN scripts, etc.) just as if the offsite backup was stored locally. This makes restores faster and reduces downtime from days to hours/minutes compared to cases where tapes must be retrieved from the offsite storage location.

• High Reliability: Storage Clouds are disk based. ODBS stores data redundantly across multiple storage nodes for availability and scalability purposes.

• Unlimited Scaling and No Up-front Capital Expense: ODBS provides virtually unlimited capacity with no up-front capital expenditure. Consequently, users need not worry about provisioning adequate tapes or local storage to hold the required backup data.

• Easy Provisioning of Test and Dev Environments: As Cloud Backups are accessible from anywhere via the Internet, the backups can be used to quickly clone databases to create custom test, development, or QA environments.

[1] Standard Editions require a patch for the bug 18339044 (Refer to My Oracle Support Doc ID 1640149.1).
[2] Availability of the compression options depends on the Database version.


Getting Started with the ODBS

This section explains the overall process to purchase ODBS storage capacity, and how to download and configure the Oracle Cloud Backup Module to use with your Oracle Database. For more details, please refer to http://docs.oracle.com/cloud and also the Oracle Database RMAN documentation. Figure 2 shows the overall flow of operations.

Figure 2. Data Flow for the Client Module

This section outlines the steps involved in the overall ODBS setup.

1. Sign up for Oracle Database Backup Service & Purchase capacity.

From the Oracle Store (or) via ODBS portal, purchase storage capacity in 1TB blocks either on a month-to-month basis or for longer term. The email provided for creating the account will be the UserID.


After the purchase process, you will receive an email with the procedure to sign up for the account. During the sign-up process, you can choose the Identity domain, Service Name, and Password. An example screen shot is provided below:

Refer to http://docs.oracle.com/cloud for the latest and detailed subscription procedure.

2. Register for Oracle Technology Network (OTN) Account

An Oracle.com or OTN account is required to install the Oracle Database Cloud Backup module. New accounts may be created by visiting the OTN website (http://otn.oracle.com) for free.


3. Install the Oracle Database Cloud Backup Module

Go to the OTN page for downloading the ODCBM installer.

Unzip the installer. It contains opc_install.jar and a README file. Proceed to install the Oracle Database Cloud Backup Module by executing the installer jar file.

In this section, the following example location & parameter information are used.

Description                                      Location / Value

Oracle Database Backup Service Related
ODBS – Account ID                                [email protected]
ODBS – Password                                  myPassword
ODBS – Identity Domain                           myDomain
ODBS – Service Name                              myService
Local wallet location to store ODBS
credentials (-walletDir)                         /home/oracle/OPC/wallet

Local Database Related
ORACLE_BASE                                      /orclbase
ORACLE_HOME                                      /orclhome
ORACLE_SID                                       mySID
-libDir                                          /home/oracle/OPC/lib
Oracle Wallet for RMAN encryption (optional)     $ORACLE_BASE/admin/$ORACLE_SID/wallet

4. Execute the installer

The install tool then is invoked as shown in the following example:

    $ java -jar opc_install.jar -serviceName myService -identityDomain myDomain \
        -opcId [email protected] -opcPass myPassword \
        -walletDir /home/oracle/OPC/wallet -libDir /home/oracle/OPC/lib
    Oracle Database Cloud Backup Module Install Tool, build 2014-03-13
    Oracle Database Cloud Backup Module credentials are valid.
    Oracle Database Cloud Backup Module wallet created in directory /home/oracle/OPC/wallet.
    Oracle Database Cloud Backup Module initialization file /orclhome/dbs/opcmySID.ora created.
    Downloading Oracle Database Cloud Backup Module Software Library from file opc_linux64.zip.
    Downloaded 13165919 bytes in 204 seconds. Transfer rate was 64538 bytes/second.
    Download complete.
    Extracted file /home/oracle/OPC/lib/libopc.so

Example 1: Running the Cloud Backup Install Tool

Example 1 above shows how the tool automatically downloads the platform specific cloud backup module, creates an Oracle Wallet to securely store the user’s ODBS credentials, and creates the Cloud backup configuration file. Please refer to the accompanying README for further details.

5. Configure Recovery Manager (RMAN) Settings

During the installation process, the installer creates a configuration file named opc<SID>.ora in the $ORACLE_HOME/dbs directory. This file contains the ODBS URL to which the backup will be performed and the location of the wallet which holds the ODCBM credentials.

Using RMAN, configure the SBT device to use the ODBS (SBT) library.

    RMAN> configure channel device type sbt parms
    'SBT_LIBRARY=/orclhome/lib/libopc.so
    ENV=(OPC_PFILE=/orclhome/dbs/opcmySID.ora)';

    using target database control file instead of recovery catalog
    new RMAN configuration parameters:
    CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS
    'SBT_LIBRARY=/orclhome/lib/libopc.so
    SBT_PARMS=(OPC_PFILE=/orclhome/dbs/opcmySID.ora)';
    new RMAN configuration parameters are successfully stored

Example 2: Configuring RMAN

Once the RMAN configuration is complete, backups to the cloud can be performed. You can use the same RMAN commands that you regularly use for tape backups. No new commands are required for using ODCBM.

6. Configure Encryption

ODCBM enforces RMAN backup encryption and will not permit unencrypted backups to be sent to the Oracle Database Backup Service. If the backup is not encrypted, an error message similar to the one shown below is returned.

    RMAN-03009: failure of backup command on ORA_SBT_TAPE_1 channel at 02/14/2014 14:00:43
    ORA-27030: skgfwrt: sbtwrite2 returned error
    ORA-19511: non RMAN, but media manager or vendor specific failure, error text:
    KBHS-01602: backup piece 14p0jso8_1_1 is not encrypted

RMAN encrypted backups are securely created, transmitted, and stored in the cloud. Please refer to the Oracle documentation for more details on the various RMAN encryption methodologies, and choosing from various encryption algorithms (such as AES128 or AES256). Refer to the Appendix for examples.

If no Oracle wallet has been configured, you can still perform encrypted backups using password based encryption.

    RMAN> set encryption on identified by "myPassword" only;

Likewise, you have to specify the same password before you perform a restore operation.

    RMAN> set decryption identified by "myPassword" only;

7. Perform backups

RMAN supports binary compression of backups. For backing up to ODBS, you can choose from HIGH, MEDIUM, BASIC, or LOW algorithms. Refer to the Oracle documentation to understand these options to properly choose the algorithm that best fits your needs. As an example,

    RMAN> configure compression algorithm 'MEDIUM';
    RMAN> backup as compressed backupset database plus archivelog;

• Refer to the OTN document “Advanced Compression with Oracle 11g”.

• Refer to the OTN page “Encrypt Database Backups” for details on using the encryption and compression options together.

Refer to My Oracle Support Doc ID 1640149.1 – Oracle Database Backup Service FAQ at http://support.oracle.com for more details.

8. Restore & Recovery

Depending on the type of fault and the recovery needed, either the entire database or specific tablespaces or data files are to be restored and recovered. Similarly, this cloud module also supports the new capability in Oracle Database 12c to perform Table level recovery using RMAN. If password based encryption was used during the backup, you must provide the same password during the restore. Likewise, if TDE mode of backup was performed, then the same encryption key is required during restore. All the restore and recovery operations are performed via the RMAN interface.

Cloud Backup Best Practices

End-to-End Data Security

ODCBM enforces that backups are encrypted before being transmitted to the cloud. Encrypting backups ensures that your data is secured at the source, transmitted securely over SSL, and protected against unauthorized access in the cloud. Encryption can also be enabled while scheduling backups in Enterprise Manager.

Protection of the Encryption Key

The Oracle wallet or the password used during the backups needs to be safeguarded. That information is required at the time of restore. Please refer to the OTN page for more details.

Optimizing Cloud Backup Performance

As Cloud Backups are sent over the public Internet, the backup performance depends on the WAN network bandwidth. However, by using the right combination of RMAN parallelism and compression, much higher effective backup rates can be attained.

• Due to public Internet network (WAN) bandwidth constraints, backups to cloud can take significantly longer compared to backups over LAN.

• Compression helps overcome the network bandwidth limitations. Effective backup rate can be increased multiple times if compression is used.


• Using parallel streams (RMAN channels) also speeds up Cloud backups.

The following best practices are recommended to optimize the performance of Cloud Backups:

• Use multiple RMAN channels for higher parallelism resulting in full utilization of the network.

• Use multi-section backups. Oracle Database versions 11g and above allow multiple channels to back up a single file in parallel, increasing parallelism beyond the number of datafiles to be backed up. For example, the RMAN command to specify backup section size 1 GB is:

    BACKUP DEVICE TYPE SBT DATABASE SECTION SIZE 1g;

• Use the compression algorithms available with the Oracle Database 11g Advanced Compression Option, since these algorithms are usually faster than the default RMAN BASIC compression. Oracle recommends using MEDIUM compression for cloud backups.

• Use a weekly full and daily incremental backup strategy. This will result in faster backups and may help save a significant amount of network bandwidth. Use the RMAN Fast Incremental Backup feature (based on Block Change Tracking) to optimize the performance of your daily incremental backups.

Refer to My Oracle Support Doc ID 1640149.1 – Oracle Database Backup Service FAQ at http://support.oracle.com for more details.

Conclusion

The Oracle Database Cloud Module allows customers to use Oracle Database Backup Service as their offsite backup storage destination. Compared to traditional tape-based offsite storage, Cloud backups are more accessible, faster to restore under most circumstances, and more reliable, while eliminating the overheads associated with maintaining off-site backup operations. To top it all, existing RMAN customers can leverage all the benefits of backing up to the Cloud with minimal changes to their existing infrastructure.


Appendix

Configuration Files

The following table shows the various files involved in the overall Oracle Database Backup Service configuration.

File name: libopc.so
Location:  User specified library location
Purpose:   SBT library which enables backup to Oracle Cloud

File name: opc<SID>.ora
Location:  $ORACLE_HOME/dbs
Purpose:   Contains ODBS container URL location for the user and also the ODBS credential wallet location

File name: cwallet.sso
Location:  User specified wallet location
Purpose:   Oracle wallet which securely stores ODBS credentials. This is used during RMAN backup and restore operations.

File name: Wallet for encryption (optional – only needed for TDE)
Location:  Either $ORACLE_BASE/admin/$ORACLE_SID/wallet (or) set in sqlnet.ora (or) in a user defined location
Purpose:   Oracle wallet for backup encryption.


Example test run

Running the installer:

    $ mkdir -p /home/oracle/OPC/wallet
    $ mkdir -p /home/oracle/OPC/lib
    $ java -jar opc_install.jar -serviceName myService -identityDomain myDomain \
        -opcId [email protected] -opcPass abc123 \
        -walletDir /home/oracle/OPC/wallet -libDir /home/oracle/OPC/lib
    Oracle Public Cloud Backup Service Install Tool, build 2014-01-21
    Create credential oracle.security.client.connect_string1
    Oracle Public Cloud Backup Service wallet created in directory /home/oracle/OPC/wallet.
    Oracle Public Cloud Backup Service initialization file /orclhome/dbs/opcsr12.ora created.
    Downloading Oracle Public Cloud Backup Service Software Library from file opc_linux64.zip.
    Downloaded 22237663 bytes in 0 seconds.
    Download complete.

Content of opc initialization parameter file:

    $ cat /orclhome/dbs/opcsr12.ora
    OPC_HOST=https://storage.us2.oraclecloud.com/v1/myService-myDomain
    OPC_WALLET='LOCATION=file:/home/oracle/OPC/wallet CREDENTIAL_ALIAS=alias_opc'
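An added example, not part of the white paper or Oracle's tooling: a shell check that reads an opc<SID>.ora file in the format shown above, confirms that OPC_HOST is an https:// URL, and verifies that the credential wallet directory and cwallet.sso are not accessible to group or other. The function names and the sample files built by make_sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Oracle tooling: audit the ODBS client files for exposure.

# Value of KEY in a KEY=VALUE file such as opc<SID>.ora.
opc_param() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Wallet directory from OPC_WALLET='LOCATION=file:/dir CREDENTIAL_ALIAS=name'.
# Assumes the directory name contains no spaces.
opc_wallet_dir() {   # $1 = file
    opc_param "$1" OPC_WALLET | sed -n "s/.*LOCATION=file:\([^ ']*\).*/\1/p"
}

# True when neither group nor other has any permission bit on the path.
is_private() {   # $1 = file or directory
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one FAIL line per finding; exit status is 0 only when there are none.
audit_opc_config() {   # $1 = path to opc<SID>.ora
    rc=0
    host=$(opc_param "$1" OPC_HOST)
    case "$host" in
        https://*) ;;
        *) echo "FAIL: OPC_HOST is not an https:// URL: $host"; rc=1 ;;
    esac
    wdir=$(opc_wallet_dir "$1")
    if [ -z "$wdir" ] || [ ! -d "$wdir" ]; then
        echo "FAIL: wallet directory not found: $wdir"
        return 1
    fi
    for p in "$wdir" "$wdir/cwallet.sso"; do
        if [ ! -e "$p" ]; then
            echo "FAIL: missing $p"; rc=1
        elif ! is_private "$p"; then
            echo "FAIL: $p is accessible to group or other"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a config in the format shown above plus an empty
# stand-in for cwallet.sso, created under a scratch directory.
make_sample() {   # $1 = scratch dir, $2 = wallet file mode, $3 = OPC_HOST value
    mkdir -p "$1/wallet" && chmod 700 "$1/wallet"
    : > "$1/wallet/cwallet.sso" && chmod "$2" "$1/wallet/cwallet.sso"
    printf '%s\n' "OPC_HOST=$3" \
        "OPC_WALLET='LOCATION=file:$1/wallet CREDENTIAL_ALIAS=alias_opc'" \
        > "$1/opcmySID.ora"
}

# Audit a real file when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_opc_config "$1"
fi
```
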

Cloud backup module will not allow the backups to be performed without encryption.

    RMAN> set encryption off;
    executing command: SET encryption

    RMAN> backup datafile 7;
    Starting backup at 14-FEB-14
    allocated channel: ORA_SBT_TAPE_1
    channel ORA_SBT_TAPE_1: SID=117 device type=SBT_TAPE
    channel ORA_SBT_TAPE_1: Oracle Database Backup Service Library
    channel ORA_SBT_TAPE_1: starting full datafile backup set
    channel ORA_SBT_TAPE_1: specifying datafile(s) in backup set
    input datafile file number=00007 name=//orclhome/dbs/tbs_22.f
    channel ORA_SBT_TAPE_1: starting piece 1 at 14-FEB-14
    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS
    RMAN-00571: ===========================================================
    RMAN-03009: failure of backup command on ORA_SBT_TAPE_1 channel at 02/14/2014 13:58:45
    ORA-27030: skgfwrt: sbtwrite2 returned error
    ORA-19511: non RMAN, but media manager or vendor specific failure, error text:
    KBHS-01602: backup piece 12p0jski_1_1 is not encrypted
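An added example, not from the white paper: a shell scan of an RMAN log for the KBHS-01602 rejection shown above, reporting the piece, channel and time of each refused backup and counting any echoed "set encryption off" commands. The function names are assumptions for illustration, and the embedded log is constructed from the output above.

```sh
#!/bin/sh
# Added example, not Oracle tooling: find backups the cloud module refused
# because the piece was not encrypted (KBHS-01602) in an RMAN log.

# Print "timestamp|channel|piece" for every KBHS-01602 rejection. The channel
# and time are taken from the RMAN-03009 line that opens the error stack.
rejected_pieces() {   # $1 = RMAN log file
    awk '
        BEGIN { chan = "?"; ts = "?" }
        /RMAN-03009:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "on") chan = $(i + 1)
                if ($i == "at") ts = $(i + 1) " " $(i + 2)
            }
        }
        /KBHS-01602:/ {
            for (i = 1; i < NF; i++)
                if ($i == "piece") print ts "|" chan "|" $(i + 1)
            chan = "?"; ts = "?"
        }
    ' "$1"
}

# Number of "set encryption off" commands echoed in the log (any case).
encryption_off_count() {   # $1 = RMAN log file
    grep -ci 'set[[:space:]]\{1,\}encryption[[:space:]]\{1,\}off' "$1" || true
}

# Summarise a log; exit status is 1 when anything needs attention.
check_rman_log() {   # $1 = RMAN log file
    status=0
    off=$(encryption_off_count "$1")
    if [ "$off" -gt 0 ]; then
        echo "WARN: encryption switched off $off time(s) in $1"
        status=1
    fi
    rej=$(rejected_pieces "$1")
    if [ -n "$rej" ]; then
        printf '%s\n' "$rej" | while IFS='|' read -r ts chan piece; do
            echo "ALERT: piece $piece rejected as unencrypted on $chan at $ts"
        done
        status=1
    fi
    return $status
}

# Constructed sample log, modelled on the error stack shown above.
write_sample_log() {   # $1 = output file
    cat > "$1" <<'EOF'
RMAN> set encryption off;
executing command: SET encryption
RMAN> backup datafile 7;
channel ORA_SBT_TAPE_1: starting piece 1 at 14-FEB-14
RMAN-03009: failure of backup command on ORA_SBT_TAPE_1 channel at 02/14/2014 13:58:45
ORA-27030: skgfwrt: sbtwrite2 returned error
ORA-19511: non RMAN, but media manager or vendor specific failure, error text:
   KBHS-01602: backup piece 12p0jski_1_1 is not encrypted
EOF
}

# Check a real log when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_rman_log "$1"
fi
```

Because the backup was refused rather than stored in the clear, a hit here means a scheduled job produced no offsite copy and needs its encryption settings corrected.
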

Using Password Encryption

    RMAN> set encryption on identified by "abc123" only;
    executing command: SET encryption

    RMAN> backup datafile 7;
    Starting backup at 14-FEB-14
    using channel ORA_SBT_TAPE_1
    using channel ORA_SBT_TAPE_2
    using channel ORA_SBT_TAPE_3
    using channel ORA_SBT_TAPE_4
    channel ORA_SBT_TAPE_1: starting full datafile backup set
    channel ORA_SBT_TAPE_1: specifying datafile(s) in backup set
    input datafile file number=00007 name=//orclhome/dbs/tbs_22.f
    channel ORA_SBT_TAPE_1: starting piece 1 at 14-FEB-14
    channel ORA_SBT_TAPE_1: finished piece 1 at 14-FEB-14
    piece handle=0pp0jrl2_1_1 tag=TAG20140214T134154 comment=API Version 2.0,MMS Version 3.13.10.29
    channel ORA_SBT_TAPE_1: backup set complete, elapsed time: 00:00:03
    Finished backup at 14-FEB-14

Using Transparent Data Encryption

Create a wallet directory

    $ mkdir $ORACLE_BASE/admin/$ORACLE_SID/wallet

    SQL> alter system set encryption key identified by "abc123";
    System altered.

Now, configure the encryption and perform backup.

    RMAN> configure encryption for database on;
    new RMAN configuration parameters:
    CONFIGURE ENCRYPTION FOR DATABASE ON;
    new RMAN configuration parameters are successfully stored

    RMAN> backup datafile 7;
    Starting backup at 14-FEB-14
    using channel ORA_SBT_TAPE_1
    channel ORA_SBT_TAPE_1: starting full datafile backup set
    channel ORA_SBT_TAPE_1: specifying datafile(s) in backup set
    input datafile file number=00007 name=//orclhome/dbs/tbs_22.f
    channel ORA_SBT_TAPE_1: starting piece 1 at 14-FEB-14
    channel ORA_SBT_TAPE_1: finished piece 1 at 14-FEB-14
    piece handle=13p0jsn2_1_1 tag=TAG20140214T140002 comment=API Version 2.0,MMS Version 3.13.10.29
    channel ORA_SBT_TAPE_1: backup set complete, elapsed time: 00:00:03
    Finished backup at 14-FEB-14


Oracle Database Backup Service - TWP
January
Author: Database High Availability

Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065
U.S.A.

Worldwide Inquiries:
Phone: +1.650.506.7000
Fax: +1.650.506.7200
oracle.com

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 0110